I'm throwing this idea out there without much critical thought, not as an endorsement, but to hash it out publicly: one account per physical 2fa token?
This is not presently a barrier for 2fa-enabled apps where enabling it is an option, not a requirement.
-
-
It's not, but restricting to n accounts per 2fa changes the question from "does this 2fa match this one account" to "which accounts does this 2fa match"
-
which isn't really done in any implementations now
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.